How to Protect Your Router From Hackers

Many users don’t realize it, but that tiny, always-on device gathering dust in the corner can become a spy in your house. Don’t look any further than your router, though, because that’s the device that is eyed by many cybercriminals and even intelligence agencies, as documents released by Edward Snowden show.

The problem with routers is that such consumer devices are mostly insecure as they are often full of unpatched security vulnerabilities. Here’s the thing, a router is only as secure as its firmware allows, so if you are using a router already with these security vulnerabilities, then your network will also be vulnerable. Intelligence agencies love to crack routers because they can maintain a persistent hold on the network traffic. Although computers in the network may be running the latest software, the router often runs outdated firmware simply because these devices aren’t updated with new software very often or patched in the same way that desktop operating systems are.

What can you do?

Take a look at the security features and enable every possible protective layer. There are a number of things that you should consider doing after purchasing a router other than the one provided by your ISP. Pro tip: don’t use the router the ISP guy gave you. Ever. These routers are vulnerable by their very nature due to their firmware. The best router to buy is one that supports open-source firmware such as OpenWrt/LEDE, DD-WRT, AdvancedTomato or Asuswrt-Merlin.

1. Change the default passwords

Every router comes with a default admin username and password. You’ll need them to access the router but it’s important to change the default password as soon as you have access to it. The issue with these generic credentials is that this information is widely available to the public, so anyone with access to the network can change the settings without your knowledge.

Along with the admin username the router also comes a wireless network name or SSID. Customize it to protect yourself, otherwise the SSID will give away the router’s model. If the default password remains unchanged, this will mean the router is low-hanging fruit for hackers who will have no challenges taking control of it.

Selecting a password

The best choice is to always use unique and cryptographically secure passwords. You may have your own recipe or preference, though we have a fool-proof method for creating a unique password. Alternatively you could use a password manager, which enables you to store both the router’s and the network’s password in a safe vault alongside the username and password received from the ISP and other credentials needed to connect to the internet.

2. Enable encryption

Now you have a personalized wireless network the next step is to secure it. Depending on the router model, it may allow you to activate WPA2 encryption. If the router offers only WEP encryption, stop using it and look for a newer model.

3. Enable the firewall

The router has a built-in firewall, so don’t forget to activate it. It may come under different names, such as SPI (stateful packet inspection) or NAT (network address translation) but don’t concern yourself too much by the label.

4. MAC address filtering

This can easily become a hassle as the network grows, but MAC (media access control) address filtering is one of the most effective ways to eliminate suspect devices from the network. It’s not perfect, but it’s a good method to make it harder for the bad guys to get access to your network.

5. Update firmware

The main problem with routers is related to their firmware. Router security vulnerabilities aren’t a new thing, and security researchers such as Michael Horowitz have been warning manufacturers and users alike about the sad state of consumer router firmware. What you can do as a user, however, is to upgrade the router’s firmware to the latest available version – which theoretically patches out any vulnerabilities – or migrate to a business router which provides additional security features for better home network security.

6. Use a VPN

If the router supports open-source firmware, it’s easier to turn it into a VPN router and will therefore maximize the protection of the whole network. You can buy a VPN router outright or look for models that support open-source firmware.